Stop users access to UNC within Office 2003 Apps

Help Desk
Microsoft Windows
Microsoft Windows Server 2003
I have a W2K3 server with students accessing this by terminal server on thinclients. I thought I had tightened up the security of the server sufficiently enough so that they cannot browse and access the other users My Documents folders. The My Documents for all users has been redirected for to a 'Shares' folder and when they logon for the first time it creates their folder. I had to assign 'Modify' access for users to this folder to be able to create the folder. These redirection changes were only required as Teachers needed 'Full Access' to the Students files which they could not have with no Admin rights if left to the standard Documents & Settings folder. Through Group Policy I have limited the students from browsing via Network Neighborhood. I hope that is enough background of my TS server setup - my problem now is that a teacher has identified that if a student opens Word | File | Open, they can type in a UNC path ie servernameetc that students can access other students files. Is there any way I can stop this access? I have looked over the Group Policies but Microsoft do not appear to have thought of this 'loophole' that may not be wanted.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Just shooting from the hip here – I don’t know of any TS/AD tricks to remove the ability to type a UNC path in the file open window, but with the proper NTFS permissions on the other students folders and files, this shouldn’t be an issue. IF those proper permissions are in place, no one, save the Sys Admin, should be able to see any files other than their own.

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Stenwolf
    possibly you might be able to restrict the office suit permissions. ie. run as... make sure is not a system process. if the suit is run with student priviliges, it should be restricted to student priviliges, in theory.
    0 pointsBadges:
  • Howard2nd
    Granular permissions - Controlling 'Shared folders' 1st - create a group Teachers with "Modify et Al" on your workspace folder (they only need 'Full' access to delete sturdent folders). Then you can add/remove members without stirring the permissions mix. 2nd - Each student should have access only to their own folder. AND not have the right to add users. 3rd create a dummy student account and test that you can NOT see the contents of other students folders. While you share with 'everyone' you allow access through NTFS permissions. Good Luck.
    30 pointsBadges:
  • Nitinj
    You cannot restrict the same by group permission. For this you need to assign the user level permission on the individul stundents folder.
    0 pointsBadges:
  • Traceylb
    Thanks for the suggestions so far and I will try them out as soon as I get a chance to.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: